Security in autonomic communication Shuping Liu Networking Lab

advertisement
Security in autonomic
communication
Shuping Liu
Networking Lab
HUT
Contents
 Why
autonomic?
 Why security?
 Security characteristic
 Security challenge
 Security solution
 Policy-based solution
 conclusion
Why autonomic?
Communication system becomes more complex,
more interconnected, more dynamic and more
tightly woven into our lives.
 Human resources involved in managing and
administering them have grown rapidly and
constitute a steadily larger fraction of the cost.
 Autonomic communication is aimed to be
autonomous, managing their own evolution,
performance, security and fault concerns without
explicit user or administrator actions.

Why security? (1/3)
Why security? (2/3)
Why security? (3/3)
Security characteristic
 Autonomic
communication will not create an
entirely new security.
 All the traditional securities will arise in
autonomic communication systems. Some
in more complex and urgent form.
 Autonomic communication will give rise to
unique security threats of their own.
Security challenge
New technologies and architectures, whose security
implications are not yet well understood.
 Anomalous behavior caused by security
compromises due to reduced human activities.
 Span different administrative domains
 Deal with a constantly changing set of other systems.
Need flexible new methods for trust establishing,
attack and compromise detecting, recovering.
 Deal with personal information. Need to obey
privacy policies required by nation laws and
business ethics.

Security solution
Software solution
policy control (the details followed)
access control
autonomic distributed firewalls (ADF)
…
 Hardware solution
security enhanced chip multiprocessor
…

Policy-based solution(1/21)
 Security
policy is the primary tool for
security in autonomic communication.
 The unit of autonomic communication,
generally referred to as “autonomic element”,
is anticipated as follows,
simple and of fixed function at small scales
function dynamically at higher levels
Policy-based solution(2/21)
 An
autonomic element will involve two parts:
function unit: perform whatever basic
function the element provide
management unit: oversees the operation
of the functional unit
Policy-based solution(3/21)
Logical
structural
of an
autonomic
element
Policy-based solution(4/21)
 Management
unit carries with them, or
otherwise has access to,
policies that govern and constrain their
behaviors at a comparatively high level
task and state representations that
functionally describe their current mission,
strategy, and status at a lower level
Policy-based solution(5/21)
Some of the policies will be security policies
 Some of the task and state representations will
also be relevant to the element’s security
 By explicitly representing both security policies
and security-related tasks and states, autonomic
elements will be able to automatically handle a
wide range of security issues that are currently
addressed by human

Policy-based solution(6/21)
Many autonomic communication systems span
different administrative domains
 It is not enough for an autonomic element to ensure
its own security
 Autonomic elements are capable of negotiating
security and policy, and to gather and securely
exchange the info.
 Another problem is trust-establishment, because
autonomic element has less control over, and less
complete and reliable info. about the element in
other domain

Policy-based solution(7/21)
Hierarchy trust
model
Policy-based solution(8/21)
Mesh trust
model
Policy-based solution(9/21)
Bridge trust model
Policy-based solution(10/21)
Hybrid trust
model
Policy-based solution(11/21)
Trust
model
based on
Gateway
CA’s
Policy-based solution(12/21)
 Trust
problem also exist between user and
policy systems.
 How can we trust a policy system to make
the best decision?
 Hoi Chan et. al. suggests a policy system
with trust building tools
Policy-based solution(13/21)

Notations,
ITI: instantaneous trust index, to each execution of each
policy
ITI = f (m1,m2,…), where m1,m2 … are weights
assigned to each user modification, and 0<=ITI<=1
OTI:overall trust index, for a policy and reflects the level
of trust that the user has in a particular policy or
group of policies
OTI = f1(ITI1,ITI2,…), where f1 is average function
Policy-based solution(14/21)
a policy
system
with trust
building
tools
Policy-based solution(15/21)


KB, knowledge base, uses the information, through some
reinforcement learning algorithms, to adjust the behavior of
the policy in a way to maximize the OTI.
There are 3 modes of operation,
Minimal trust (supervised) mode
Partial trust (modify) mode
Full trust (automatic) mode

The user is able to place the system into one of these
modes at will on a per-policy base.



Policy-based solution(16/21)
Minimal trust mode, start mode by default
Policy generates the actions  not executed  the user
exams the actions  the user accepts, or propose his
own actions, or denies  return ITI by an expert-defined
function  KB actions
As the policy system evolves to a point where OTI≈1, the
user may change to next trust level for the policy
Partial trust mode
This mode is similar to Minimal mode. But in this case,
user can only change the parameters, instead of actions.
Full trust mode
The policy system fully execute the actions without user
intervention
Policy-based solution(17/21)
We should know that, the policies, and the task
and state representation provide high-value
targets to a potential attacker.
 Let us consider a scenario, the attacker insert a
piece of code that causes the system to silently
send him or her a copy of some important
information at a particular email address at a
particular time.

Policy-based solution(18/21)



In traditional communication system, the leak will stop if
that email address becomes unavailable, or a network
gateway blocks it.
However, in an autonomic element, if the code is inserted
as a policy piece, the autonomic element would then use
every resource at its disposal to ensure that the information
is delivered to the attacker. The attacker would have
harnessed the element’s own ability to adapt to changing
conditions and adopt new strategies for the purpose of
stealing the desired information.
Preventing such high-level subversion will be an important
part of the security of autonomic systems.
Policy-based solution(19/21)
 On
the other hand, the security policies that
govern an autonomic element can provide
new levels of resistance to attack.
Policy-based solution(20/21)
data leak in
traditional
systems
Policy-based solution(21/21)
data leak in
autonomic
systems
Conclusion




No functioning system is perfectly secure, autonomic
communication system will be no exception.
The development of autonomic systems cannot be delayed
until the final security solution is available, since it is
impossible
Recent advances, including autonomic intrusion detection
systems, secure embedded processors, proactive security
measures, and automated virus response, have taken
some burden of security maintenance off overloaded
system administrators.
But there is much more which is waiting for us…
Thanks!
Any comments and questions?
Download